Then something very strange appeared to happen: lawmakers seemed to take note of public opinion and act accordingly. A number of state legislatures began drafting bills that would make it illegal for employers to demand access to the social profiles of their employees and job applicants. Now that the year is 2013, those laws are either taking effect or will do so in the coming months.

If it ever comes out of committee, SNOPA would “…prohibit employers and certain other entities from requiring or requesting that employees and certain other individuals provide a user name, password, or other means for accessing a personal account on any social networking website.”

Shortly after that, Maryland’s neighbor Delaware passed a bill that prohibited public and private schools not only from mandating that students or applicants provide log-in credentials to social media accounts, but also from requiring that students and applicants log in to their accounts to give the institutions direct access to them.

In early December, New Jersey’s Governor Chris Christie signed a bill that “Prohibits requirement to disclose user name, password, or other means for accessing account or service through electronic communications devices by institutions of higher education.”

Later in December, Michigan Governor Rick Snyder signed a bill into law that protected “the online privacy of Michiganders by prohibiting employers and educational institutions from asking applicants, employees and students for passwords and other account information used to access private internet and email accounts, including social networks like Facebook and Twitter.”

About Brian Donohue

“We are what we pretend to be, so we must be careful about what we pretend to be.” ― Kurt Vonnegut

Comments (4)

Do these laws also prohibit access to personal accounts of individuals by institutions that obtained credentials by non-consensual means? Such as an employer or a college that captures credentials a person used when on their system or network.

My understanding is that each state’s law is different. The California one does not ban information (including passwords) that is obtained from employer-used devices. So the answer in this case would be no.

This may be getting off topic, but in my opinion, organizations that implement tools utilized to obtain information such as credentials are walking a slippery slope. In the age of cloud services, many organizations also use secured services that are hosted off site and accessed over the web. If these organizations also utilize tools to obtain credentials and information passed through, even if secured, these credentials and information must be stored in some form of a database. If this system or database were to be hacked or the more likely case of a disgruntled employee with access to said database and a grudge, they could potentially get access or do a lot of damage to sensitive and proprietary information that may be stored here in addition to credentials and info for employee access to social media.

At one of my previous jobs, WebSense was used for the proxy, but it was not used to obtain credentials or information, only to block/allow traffic as was deemed allowable by the organization and to track what sites employees were going to for allowed traffic. They did not want everyone to use social media sites, so instead of spying on employees on social media sites, they just blocked access to these.

In my opinion there are better ways to protect sensitive and proprietary information than gathering traffic and putting it somewhere to “see” what users are doing as this can also be a security concern. That all said, many organizations are required to obtain and keep for certain periods of time, all electronic communications, like email and IM. In these cases, implementing proper solutions can allow this information to be tracked without also tracking credentials.
